package com.taotao.rop.manager;

import com.rop.security.ServiceAccessController;
import com.rop.session.Session;
import com.rop.session.SimpleSession;
import com.taotao.rop.database.domain.RopAppSecret;
import com.taotao.rop.database.mapper.RoleMapper;
import com.taotao.rop.database.mapper.RopAppSecretMapper;
import org.springframework.beans.factory.annotation.Autowired;

import java.util.List;

/**
 * ROP的权限控制
 */
public class RopServiceAccessController implements ServiceAccessController {
    @Autowired
    private RopAppSecretMapper ropAppSecretMapper;
    @Autowired
    private RoleMapper roleMapper;


    @Override
    public boolean isAppGranted(String appKey, String method, String version) {
        //TODO: 授权app访问哪些方法
        RopAppSecret condition = new RopAppSecret();
        condition.setAppId(appKey);
        List<RopAppSecret> ropAppSecretList = ropAppSecretMapper.getList(condition);
        if (ropAppSecretList != null && ropAppSecretList.size() > 0) {
            return true;
        }
        return false;
    }

    @Override
    public boolean isUserGranted(Session session, String method, String version) {
        SimpleSession theSession = (SimpleSession) session;
        //TODO: 用户授权访问哪些方法
        if (theSession != null) {
            Long roleId = (Long) theSession.getAttribute(RopSessionManager.KEY_ROLE_ID);
        }
        return true;
    }
}
